- 项目结构
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/c39dff729d0ca14b36fe62d690dffdb8.png)
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/c1d82d66aa3e7ac497d6685b7f6c619e.png)
1,导入依赖
<!-- Spring JDBC support (DataSource / JdbcTemplate auto-configuration); version comes from the Boot parent. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<!-- Lombok is compile-time only, hence "provided" so it is not shipped in the artifact. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.10</version>
<scope>provided</scope>
</dependency>
<!-- MyBatis integration used by UserService to load users. -->
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.2</version>
</dependency>
<!-- JDBC driver is only needed at runtime, never on the compile classpath. -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<!-- Apache Shiro (authentication + authorization) with Spring integration.
     NOTE(review): this pin is an older 1.x release; review the upstream Shiro security
     advisories before keeping an explicit version rather than the latest 1.x. -->
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-spring</artifactId>
<version>1.4.1</version>
</dependency>
<!-- Thymeleaf renders the view names returned by MyController ("index", "login", "views/*"). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<!-- Spring MVC (servlet container, controllers). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
2,用于授权和认证的realm
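/**
 * Shiro realm backed by {@code UserService}.
 *
 * <p>Authentication looks the user up by the submitted username and hands the stored
 * password to Shiro for comparison; authorization exposes the user's single
 * permission string (see {@link User#getPerms()}) to the {@code perms[...]} filters
 * configured in {@code ShiroConfig}.
 *
 * <p>The field is injected even though {@code ShiroConfig} creates this object with
 * {@code new UserRealm()}, because that constructor call happens inside a {@code @Bean}
 * method and Spring post-processes the returned instance.
 */
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private UserService userService;

    /**
     * Builds the permission set for an already-authenticated subject.
     *
     * @param principalCollection principals of the subject being authorized; the primary
     *                            principal is the {@link User} stored at login time
     * @return authorization info holding the user's permission string, or no permissions
     *         when the user has none recorded
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("授权--doGetAuthorizationInfo");
        // Use the principal Shiro passes in rather than re-resolving the thread-bound
        // subject: the argument is the authoritative identity for this call and also
        // works when authorization is evaluated outside a web request.
        User user = (User) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // A null or empty wildcard string cannot be parsed into a permission, so a user
        // without a recorded permission simply gets an empty permission set.
        String perms = user.getPerms();
        if (perms != null && !perms.isEmpty()) {
            info.addStringPermission(perms);
        }
        return info;
    }

    /**
     * Resolves the submitted username to a stored user.
     *
     * @param authenticationToken the {@link UsernamePasswordToken} created by the login controller
     * @return authentication info carrying the {@link User} as principal and its stored
     *         password as credentials, or {@code null} when no such user exists (Shiro then
     *         reports an {@code UnknownAccountException} to the caller)
     * @throws AuthenticationException never thrown directly here; declared for subclasses
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("认证--doGetAuthenticationInfo");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
        User user = userService.queryUserById(token.getUsername());
        if (user == null) {
            return null;
        }
        // NOTE(review): the stored password is passed through unchanged, so with the default
        // credentials matcher Shiro compares it in plaintext. If the database holds hashed
        // passwords, a HashedCredentialsMatcher must be set on this realm — confirm the
        // storage format before relying on this.
        // getName() is the realm's own name; it lets Shiro attribute the principal to this realm.
        return new SimpleAuthenticationInfo(user, user.getPassword(), getName());
    }
}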
3,交给Spring管理
- 第一步,创建realm对象,需要自定义类:用户
- 第二步,DefaultWebSecurityManager: 管理
- 第三步,安全管理器
/**
 * Wires the three Shiro pieces together: the realm (step 1), the security manager that
 * owns it (step 2), and the servlet filter that applies URL rules (step 3).
 *
 * <p>Only {@code /views/**} paths are covered by a filter chain; {@code /}, {@code /index},
 * {@code /toLogin} and {@code /login} have no definition here and are therefore reachable
 * without logging in.
 */
@Configuration
public class ShiroConfig {

    /** Step 1: the realm that answers "who is this user" and "what may they do". */
    @Bean
    public UserRealm userRealm() {
        return new UserRealm();
    }

    /**
     * Step 2: the security manager that delegates authentication/authorization to the realm.
     *
     * @param userRealm the realm bean defined above
     * @return a web-aware security manager using that single realm
     */
    @Bean
    public DefaultWebSecurityManager defaultWebSecurityManager(@Qualifier("userRealm") UserRealm userRealm) {
        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(userRealm);
        return manager;
    }

    /**
     * Step 3: the filter that maps request paths to Shiro filters.
     *
     * @param manager the security manager bean
     * @return the configured filter factory
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(@Qualifier("defaultWebSecurityManager") DefaultWebSecurityManager manager) {
        ShiroFilterFactoryBean filterFactory = new ShiroFilterFactoryBean();
        filterFactory.setSecurityManager(manager);
        // Where to send a subject that is not logged in at all.
        filterFactory.setLoginUrl("/toLogin");
        // Where to send a logged-in subject that lacks the required permission.
        filterFactory.setUnauthorizedUrl("/unauthorizedUrl");

        // Chain definitions are evaluated in insertion order and the first match wins,
        // which is why the two specific paths must be registered before the wildcard.
        LinkedHashMap<String, String> chainDefinitions = new LinkedHashMap<>();
        chainDefinitions.put("/views/add", "perms[user:add]");
        chainDefinitions.put("/views/update", "perms[user:update]");
        chainDefinitions.put("/views/*", "authc");
        filterFactory.setFilterChainDefinitionMap(chainDefinitions);
        return filterFactory;
    }
}
4,控制层
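/**
 * Page controller for the Shiro demo.
 *
 * <p>The two {@code /views/...} handlers render pages that the Shiro filter chain in
 * {@code ShiroConfig} gates behind {@code perms[user:add]} / {@code perms[user:update]};
 * the remaining handlers are not covered by any chain definition and are public.
 */
@Controller
public class MyController {

    /** Home page; reachable without authentication. */
    @RequestMapping(value = {"/", "/index"})
    public String toIndex(Model model) {
        model.addAttribute("msg", "首页");
        return "index";
    }

    /** Protected by {@code perms[user:add]} in the Shiro filter chain, not by this method. */
    @RequestMapping("/views/add")
    public String toAdd() {
        return "views/add";
    }

    /** Protected by {@code perms[user:update]} in the Shiro filter chain, not by this method. */
    @RequestMapping("/views/update")
    public String toUpdate() {
        return "views/update";
    }

    /** Renders the login form; this is the Shiro {@code loginUrl}. */
    @RequestMapping("/toLogin")
    public String toLogin() {
        return "login";
    }

    /**
     * Handles the login form submission.
     *
     * <p>NOTE(review): the mapping accepts any HTTP method, so credentials may arrive as
     * GET query parameters and end up in browser history and access logs. Once the login
     * template (not shown here) is confirmed to POST, restrict this mapping to POST.
     *
     * @param name     submitted username
     * @param password submitted password
     * @param model    receives a {@code msg} attribute describing a failed login
     * @return {@code "index"} on success, {@code "login"} on any authentication failure
     */
    @RequestMapping("login")
    public String login(String name, String password, Model model) {
        Subject subject = SecurityUtils.getSubject();
        UsernamePasswordToken token = new UsernamePasswordToken(name, password);
        try {
            subject.login(token);
            return "index";
        } catch (UnknownAccountException e) {
            // NOTE(review): reporting "unknown user" and "wrong password" separately lets a
            // caller learn which usernames exist; a single generic message avoids that.
            model.addAttribute("msg", "用户名错误");
            return "login";
        } catch (IncorrectCredentialsException e) {
            model.addAttribute("msg", "密码错误");
            return "login";
        } catch (org.apache.shiro.authc.AuthenticationException e) {
            // Every other Shiro failure (e.g. a locked account or a realm error) would
            // otherwise propagate out of the controller as an unhandled exception;
            // show the login page again instead.
            model.addAttribute("msg", "登录失败");
            return "login";
        }
    }

    /** Target of the Shiro {@code unauthorizedUrl}: plain text, not a template. */
    @ResponseBody
    @RequestMapping("/unauthorizedUrl")
    public String unauthorizedUrl() {
        return "未授权,不能访问该页面";
    }
}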